kdbx 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4f1066ac2625d013aa37082c0e66ba15c59a35ad
+  data.tar.gz: 3143044e49a5ba3299b56a3741acaaeba990a5b0
+SHA512:
+  metadata.gz: bcc4f6b347839ec701f234fefe47fde2311f3f79b71be7c28525f1a711b4f8e354d05724c77a8054f90b61146718dd8dea246edc7316d3ca7e49e133b59f1444
+  data.tar.gz: 679881649d8cd3a479f3774b111a26ee24aa9279fecfb840d0d3ec0877e506d5ab35336f3a4cc24248d554f13fa2219273706539ebfd618529382de7495c5a75

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 rumtid
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,19 @@
+# kdbx.rb
+
+Yet another library for kdbx file.
+
+## Installation
+
+```
+$ gem install kdbx
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/lib/kdbx.rb

@@ -0,0 +1,39 @@
+require "kdbx/version"
+require "kdbx/attributes"
+require "kdbx/encryption"
+require "kdbx/wrapper"
+require "kdbx/header"
+
+class Kdbx
+  include Attributes
+  include Encryption
+
+  def initialize(filename = nil, **opts)
+    super()
+    if filename == nil
+      @header  = Header.new
+      @content = String.new
+    else
+      self.filename = filename
+      self.password = opts[:password] if opts.has_key? :password
+      self.keyfile  = opts[:keyfile]  if opts.has_key? :keyfile
+      load
+    end
+  end
+
+  def load
+    File.open filename, "rb" do |file|
+      @header = Header.load file
+      decode_content file.read
+    end
+    self
+  end
+
+  def save
+    File.open filename, "wb" do |file|
+      @header.save file
+      encode_content file
+    end
+    self
+  end
+end

data/lib/kdbx/attributes.rb

@@ -0,0 +1,90 @@
+require "base64"
+
+class Kdbx
+  module Attributes
+    attr_reader :filename
+    def filename=(name)
+      @filename = File.absolute_path name
+    end
+
+    attr_reader :password
+    def password=(str)
+      @password = str == nil ? "" : sha256(str)
+    end
+
+    attr_reader :keyfile
+    def keyfile=(str)
+      @keyfile = File.absolute_path str
+    end
+
+    def credential
+      secrets = String.new
+      secrets << password if password
+      if keyfile
+        data = File.read keyfile
+        if [32, 64].include? data.bytesize
+          secrets << data
+        else
+          begin
+            doc = REXML::Document.new data
+            ele = doc.elements["/KeyFile/Key/Data"]
+            secrets << Base64.decode64(ele.text)
+          rescue REXML::ParseException
+            secrets << sha256(data)
+          end
+        end
+      end
+      secrets
+    end
+
+    def compressionflags
+      @header[3].unpack("L").first
+    end
+
+    def compressionflags=(flag)
+      @header[3] = [flag].pack("L")
+    end
+
+    def zipped?
+      compressionflags == 1
+    end
+
+    def masterseed
+      @header[4]
+    end
+
+    def transformseed
+      @header[5]
+    end
+
+    def transformrounds
+      @header[6].unpack("Q").first
+    end
+
+    def transformrounds=(num)
+      @header[6] = [num].pack("Q")
+    end
+
+    def encryptioniv
+      @header[7]
+    end
+
+    def protectedstreamkey
+      @header[8]
+    end
+
+    def streamstartbytes
+      @header[9]
+    end
+
+    def innerrandomstreamid
+      @header[10].unpack("L").first
+    end
+
+    def innerrandomstreamid=(id)
+      @header[10] = [id].pack("L")
+    end
+
+    attr_accessor :content
+  end
+end

data/lib/kdbx/encryption.rb

@@ -0,0 +1,62 @@
+require "zlib"
+require "openssl"
+require "salsa20"
+
+class Kdbx
+  module Encryption
+    private
+
+    def sha256(data)
+      OpenSSL::Digest::SHA256.digest data
+    end
+
+    def salsa20
+      key = sha256 protectedstreamkey
+      Salsa20.new key, "\xE8\x30\x09\x4B\x97\x20\x5D\x2A"
+    end
+
+    def masterkey
+      cipher = OpenSSL::Cipher.new("AES-256-ECB").encrypt
+      cipher.key, data = transformseed, sha256(credential)
+      transformrounds.times { data = cipher.update data }
+      sha256(masterseed + sha256(data))
+    end
+
+    def encrypt(data)
+      cipher = OpenSSL::Cipher.new("AES-256-CBC").encrypt
+      cipher.iv, cipher.key = encryptioniv, masterkey
+      cipher.update(streamstartbytes + data) + cipher.final
+    end
+
+    def decrypt(data)
+      cipher = OpenSSL::Cipher.new("AES-256-CBC").decrypt
+      cipher.iv, cipher.key = encryptioniv, masterkey
+      data = cipher.update(data) + cipher.final
+      unless data.start_with? streamstartbytes
+        fail "InvalidKey"
+      end
+      size = streamstartbytes.bytesize
+      return data.byteslice size..-1
+    end
+
+    def encode_content(file)
+      data = Wrapper.protect @content do |block|
+        salsa20.encrypt block
+      end if innerrandomstreamid == 2
+      data = Zlib.gzip data if zipped?
+      data = Wrapper.wrap data
+      data = encrypt data
+      file.write data
+    end
+
+    def decode_content(data)
+      data = decrypt data
+      data = Wrapper.unwrap data
+      data = Zlib.gunzip data if zipped?
+      data = Wrapper.expose data do |block|
+        salsa20.decrypt block
+      end if innerrandomstreamid == 2
+      @content = data
+    end
+  end
+end

data/lib/kdbx/header.rb

@@ -0,0 +1,74 @@
+require "openssl"
+require "forwardable"
+
+class Kdbx::Header
+  def self.load(stream)
+    fields = {
+      :pid => stream.readpartial(4),
+      :sid => stream.readpartial(4),
+      :ver => stream.readpartial(4)
+    }
+    loop do
+      id = stream.readbyte
+      sz = stream.readpartial 2
+      sz = sz.unpack("S").first
+      fields[id] = stream.readpartial sz
+      break if id == 0
+    end
+    new.merge! fields
+  end
+
+  extend Forwardable
+  def_delegators :@fields, :[], :[]=, :has_key?
+
+  def initialize
+    @fields = {}
+  end
+
+  def initialize_copy(other)
+    super
+    @fields = other.instance_variable_get(:@fields).clone
+  end
+
+  def merge(hash)
+    clone.merge! hash
+  end
+
+  def merge!(hash)
+    @fields.merge! hash
+    self
+  end
+
+  def save(stream)
+    set_defaults
+    stream.write @fields.fetch :pid
+    stream.write @fields.fetch :sid
+    stream.write @fields.fetch :ver
+    @fields.each do |key, val|
+      next if !(key.is_a? Integer) || key == 0
+      stream.write [key, val.bytesize].pack("CS") + val
+    end
+    val = @fields.fetch 0
+    stream.write [0, val.bytesize].pack("CS") + val
+  end
+
+  private
+
+  def set_defaults
+    @fields.merge!({
+      :pid => "\x03\xD9\xA2\x9A",
+      :sid => "\x67\xFB\x4B\xB5",
+      :ver => "\x01\x00\x03\x00",
+      0 => "\x00\xD0\xAD\x0A",
+      2 => "\x31\xC1\xF2\xE6\xBF\x71\x43\x50\xBE\x58\x05\x21\x6A\xFC\x5A\xFF",
+      3 => "\x01\x00\x00\x00",
+      4 => OpenSSL::Random.random_bytes(32),
+      5 => OpenSSL::Random.random_bytes(32),
+      6 => "\x70\x17\x00\x00\x00\x00\x00\x00",
+      7 => OpenSSL::Random.random_bytes(16),
+      8 => OpenSSL::Random.random_bytes(32),
+      9 => OpenSSL::Random.random_bytes(32),
+      10 => "\x02\x00\x00\x00"
+    }) { |k, v1, v2| v1 }
+  end
+end

data/lib/kdbx/version.rb

@@ -0,0 +1,3 @@
+class Kdbx
+  VERSION = "0.1.0"
+end

data/lib/kdbx/wrapper.rb

@@ -0,0 +1,65 @@
+require "base64"
+require "openssl"
+require "rexml/document"
+
+module Kdbx::Wrapper
+  XPATH = "//Value[@Protected='True']"
+
+  module_function
+
+  def unwrap(data)
+    stream  = StringIO.new data
+    payload = String.new
+    loop do
+      head = stream.readpartial 40
+      id, hash, size = head.unpack "La32L"
+      break if size == 0
+      part = stream.readpartial size
+      payload << part
+    end
+    payload
+  end
+
+  def wrap(payload)
+    data = String.new
+    data << "\x00\x00\x00\x00"
+    data << OpenSSL::Digest::SHA256.digest(payload)
+    data << [payload.bytesize].pack("L") << payload
+    data << "\x01\x00\x00\x00"
+    data << "\x00" * 36
+    data
+  end
+
+  def pieces(doc)
+    doc.elements.to_a(XPATH).map(&:text).compact
+  end
+
+  def expose(data)
+    doc = REXML::Document.new data
+    ciphertext = pieces(doc).map do |t|
+      Base64.decode64 t
+    end
+    plaintext = yield ciphertext.join
+    doc.elements.each XPATH do |e|
+      next if e.text == nil
+      size = ciphertext.shift.bytesize
+      e.text = plaintext.byteslice 0, size
+      plaintext = plaintext.byteslice size..-1
+    end
+    doc.to_s
+  end
+
+  def protect(data)
+    doc = REXML::Document.new data
+    plaintext = pieces doc
+    ciphertext = yield plaintext.join
+    doc.elements.each XPATH do |e|
+      next if e.text == nil
+      size = plaintext.shift.bytesize
+      text = ciphertext.byteslice 0, size
+      ciphertext = ciphertext.byteslice size..-1
+      e.text = Base64.encode64 text
+    end
+    doc.to_s
+  end
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: kdbx
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- rumtid
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: salsa20
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+description: 
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/kdbx.rb
+- lib/kdbx/attributes.rb
+- lib/kdbx/encryption.rb
+- lib/kdbx/header.rb
+- lib/kdbx/version.rb
+- lib/kdbx/wrapper.rb
+homepage: https://github.com/rumtid/kdbx.rb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: A kdbx library to access kdbx file format
+test_files: []